creamy-hamburger-70712
10/18/2023, 10:29 AM
random.RandomPassword(
...
keepers={
"engine": engine,
"instance_class": db_instance_class,
"username": master_db_username,
},
)
# The master password handed to RDS is the `result` of random_password_provider
# (presumably a random.RandomPassword; its assignment is not shown here).
# NOTE(review): the random provider declares `result` as sensitive, so Pulumi
# should keep it encrypted in the stack state; confirm it is rendered as
# [secret] in `pulumi preview` and that the stack's secrets provider is the
# one you intend to trust with it.
# NOTE(review): aws.rds.Instance also accepts manage_master_user_password=True
# in place of password=...; RDS then creates and manages the master secret in
# Secrets Manager itself, so the password never passes through this program.
aws.rds.Instance(
...
password=random_password_provider.result
)
and save it in AWS Secrets Manager
# Secrets Manager container for the RDS master credentials.
# delete_before_replace=True tells Pulumi to delete the existing secret before
# creating its replacement (presumably because the explicit `name` cannot
# exist twice at the same time).
# NOTE(review): Secrets Manager keeps a deleted secret in a recovery window by
# default, and the name cannot be reused until that window ends. Check the
# secret's recovery_window_in_days setting before relying on replacement.
master_password_secret = aws.secretsmanager.Secret(
    master_secret_resource_name,
    name=master_secret_name,
    description="Master authentication information",
    opts=pulumi.ResourceOptions(delete_before_replace=True),
)


def _master_credentials_json(fields):
    """Serialize the resolved RDS connection fields into the secret's JSON payload."""
    ordered_keys = ("username", "password", "engine", "host", "port")
    return json.dumps({key: fields[key] for key in ordered_keys})


# Output.all waits for every RDS output and passes them to apply() as a dict
# keyed by the keyword names used here.
# NOTE(review): secret marking on the inputs propagates through Output.all and
# apply, so the JSON document should stay encrypted in Pulumi state as long as
# rds_instance.password is itself a secret output; confirm it shows as
# [secret] in `pulumi preview`.
master_connection_fields = pulumi.Output.all(
    username=rds_instance.username,
    password=rds_instance.password,
    host=rds_instance.address,
    port=rds_instance.port,
    engine=rds_instance.engine,
)

# The secret value itself: one version holding the JSON credentials document.
master_password_secret_version = aws.secretsmanager.SecretVersion(
    master_secret_version_resource_name,
    secret_id=master_password_secret.id,
    secret_string=master_connection_fields.apply(_master_credentials_json),
)
Working with secretsmanager seems problematic. I get errors such as this one when I try to update the secret.
Type Name Status Info
pulumi:pulumi:Stack brain-dev 36 messages
~ ├─ aws:secretsmanager:Secret devMasterPasswordSecret **updating failed** [diff: ~description]; 1 error
+- ├─ aws:secretsmanager:SecretVersion akari/brain/dev **replacing failed** 1 error
└─ aws:rds:Instance devinstance **failed** 1 error
Diagnostics:
pulumi:pulumi:Stack (brain-dev):
panic: interface conversion: interface {} is nil, not map[string]interface {}
goroutine 111 [running]:
github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xfb93078?, 0xc00cd3b8e8?}}, {0x0?, 0x0?}}, {0xe5dbd51, 0x8})
/home/runner/go/pkg/mod/github.com/hashicorp/go-cty@v1.4.1-0.20200414143053-d3edf31b6320/cty/value_ops.go:711 +0x2de
github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc002f25f20?, 0xe8cfd30?, 0xe8cfd28?}, {0xfb92c50, 0xc0085e37d0}, {0xfba3a18, 0xc006a6df00}, {0xe56fa80?, 0xc001088b60?}, 0x1, ...)
/home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0x143a
github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0xcaa0160?, {0xe56fa80?, 0xc001088b60?})
/home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:100 +0x169
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xfb92d30?, {0xfb92d30?, 0x1a8050e0?}, 0xd?, {0xe56fa80?, 0xc001088b60?})
/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20230912190043-e6d96b3b8f7e/helper/schema/resource.go:812 +0x7a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc002f97ce0, {0xfb92d30, 0x1a8050e0}, 0xc008938d00, 0xc006a6dd00, {0xe56fa80, 0xc001088b60})
/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20230912190043-e6d96b3b8f7e/helper/schema/resource.go:924 +0x83a
github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply({0xc000a6e240?, {0xc00019c740?, 0x0?, 0xc00cd6f4c8?}}, {0xe698622, 0x19}, {0xfb93178?, 0xc002126678}, {0xfba34c8, 0xc006a6dd00})
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.60.2-0.20230927165309-e3fd9503f2d3/pkg/tfshim/sdk-v2/provider.go:100 +0x165
github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0xc000555b80, {0xfb92c50?, 0xc00831c420?}, 0xc000de7b00)
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.60.2-0.20230927165309-e3fd9503f2d3/pkg/tfbridge/provider.go:975 +0x8ac
github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update.func1({0xfbc2718?, 0xc000555b80?})
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:356 +0x33
github.com/pulumi/pulumi-terraform-bridge/x/muxer.resourceMethod[...](0xc00cb04d70?, 0x40, 0xc00cd6f778?)
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:303 +0xb5
github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update(0x0?, {0xfb92c50?, 0xc00831c420?}, 0x40?)
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:355 +0x65
github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1({0xfb92c50, 0xc00831c420}, {0xe17eae0?, 0xc000de7b00})
/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.81.0/proto/go/provider_grpc.pb.go:609 +0x75
github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0xfb92c50, 0xc007dd5f20}, {0xe17eae0, 0xc000de7b00}, 0xc009e2c560, 0xc002126600)
/home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x3d0
github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler({0xe3dc980?, 0xc00cb04d70}, {0xfb92c50, 0xc007dd5f20}, 0xc009e2bc70, 0xc00b24ea40)
/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.81.0/proto/go/provider_grpc.pb.go:611 +0x135
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000700000, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0xc0086cf590, 0x1a792a70, 0x0)
/home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:1360 +0xe15
google.golang.org/grpc.(*Server).handleStream(0xc000700000, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0x0)
/home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:1737 +0x9e7
google.golang.org/grpc.(*Server).serveStreams.func1.1()
/home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:982 +0x8d
created by google.golang.org/grpc.(*Server).serveStreams.func1 in goroutine 23
/home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:980 +0x165
aws:secretsmanager:SecretVersion (akari/brain/dev):
error: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:58132: connectex: No connection could be made because the target machine actively refused it."
aws:secretsmanager:Secret (devMasterPasswordSecret):
error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.
aws:rds:Instance (devinstance):
error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.
Outputs:
I am not certain if this is the right workflow for creating and storing passwords in Pulumi. I save the password in Secrets Manager so that my app can retrieve it from there to access the DB. (I also create another, non-master DB role; the workflow is the same as above.)
What is the right/recommended workflow in Pulumi Python to create and save passwords when creating infra for use in app code?
billowy-army-68599
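from urllib.parse import quote

# Build the PostgreSQL connection URI once every database output is resolved.
# Username and password are percent-encoded: a generated password may contain
# characters such as "@", ":", "/" or "#", which would otherwise be read as
# URI delimiters and yield a connection string that parses to the wrong
# credentials or host. Values made only of unreserved characters are unchanged.
# The lambda parameter is named `parts` so it does not shadow the outer `args`
# that is read below for the tags.
db_uri = pulumi.Output.all(
    username=self.database.username,
    password=self.database.password,
    endpoint=self.database.endpoint,
    db_name=self.database.db_name,
).apply(
    lambda parts: (
        f"postgresql://{quote(parts['username'], safe='')}"
        f":{quote(parts['password'], safe='')}"
        f"@{parts['endpoint']}/{parts['db_name']}"
    ),
)

# Store the full URI, password included, as an SSM SecureString parameter so
# the application can fetch it at runtime instead of having it baked in.
# NOTE(review): no key_id is passed, so the parameter presumably uses the
# account's default SSM key; pass a customer-managed key if access to the URI
# must be scoped separately. Confirm the URI is shown as [secret] in
# `pulumi preview`, which depends on self.database.password being a secret
# output.
self.db_uri = aws.ssm.Parameter(
    f"{name}-db-uri",
    type="SecureString",
    value=db_uri,
    tags=args.tags,
    opts=pulumi.ResourceOptions(parent=self),
)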
creamy-hamburger-70712
10/18/2023, 12:25 PM